6.0.0-beta6
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
3/30/26
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#12295] Add POSIX group membership handling for LDAP accounts/groups
*
Your Email Address
*
Spam protection
Enter the letters below:
\ / .. ..__.. . >< ||__|[__]\ / / \\__|| || | \/
Comment
> If one is using the LDAP nis.schema to manage POSIX accounts in LDAP > the numerical ID of the primary group of the user is normally stored > in the gidNumber attribute of the posixAccount. Additional groups are > stored in the memberUid attribute of the posixGroup. > Vanilla HORDE is unable to retrieve the primary group of the > posixAccount, instead only the memberUid attribute of the posixGroup > can be evaluated which results in incomplete group member lists. > > Attached is a patch that adds the necessary bits and pieces to the > LDAP group driver to evaluate the primary group of an posixAccount. > Result are arrays with merged results of the new primary group and > and the default memberUid lookup. > > NOTE: Only read support as we don't write to LDAP using HORDE. > > Configuration options are provided for easy setup. Default behavior > is unchanged. > > modified functions: > listUsers() > - if $this->_params['posix'] is true > * get numerical ID ($this->_params['posixgidnumber']) of the group > * search LDAP auth basedn > ($GLOBALS['conf']['auth']['params']['basedn']) for users with > matching group ID > * if group has no memberUid attribute return list else return merged > and resorted list > > listGroups() > - if $this->_params['posix'] is true > * get numerical group ID ($this->_params['posixgidnumber']) of the > user with filter ($this->_params['posixfilter']) > * get group name ($this->_params['gid']) by numerical group ID > * merge and sort results with results from memberUid lookup > * return results > > Added new configuration parameters to conf.xml > - posix (Yes/No - true/false) > - posixgidnumber (numerical group ID, defaults to LDAP attribute 'gidNumber') > - posixfilter (LDAP RFC formatted filtet to match POSIX users, > defaults to '(objectclass=posixAccount)')
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers